According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.
Yes, the answer is 42! 🙂
During a forensic investigation, Windows Event Logs are the primary source of evidence. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of event IDs is mandatory.
Recently I've worked on a cybersecurity incident that involved the use of Silver Tickets on Kerberos. I think a brief recap of this attack technique may be useful.
I just recently had to perform a forensic analysis on a compromised Microsoft Azure VM, and I'd like to share a couple of useful tips.